Ransomwares: Data is not recovered after paying the ransom
As we know in the field of cybercrime, attacks have literally become something common.
Unfortunately, many companies have been victims of ransomware attacks at least once. The major problem that people who are victims of this kind of cyberattack often face is whether to pay the ransom or not. At first, paying the ransom seems like a good solution in that considering the cost of repairs is more expensive than the sums often demanded by cyber criminals. Yet it's not that easy. Indeed, in a recent report provided by the security company, Coveware, several groups of cyber criminals do not get rid of information stealing during their cyberattacks even after the ransom has been paid.
This article will also interest you: Ransomware: Campari Group victim of Ragnar Locker
It is then remembered that the majority of hackers do not keep their words. In other words, paying the ransom won't protect you.
The firm's report was corroborated by several computer security researchers as well as several companies with victims of such cyberattacks.
Let us remember that we are in the context of attacks based on ransom programs.In particular, attacks specifically targeting companies with a certain importance and affiliation with digital. These are usually very important companies or public bodies. These organizations are in quite sensitive areas where a computer outage is likely to cause great financial damage than technically. The problem is not only the interruptions of the entire IT of the company or the organization in public, it also concerns the quality of information that can be stolen by cyber criminals. When the information is fairly confidential and sensitive, the ransom for me to be demanded by cyber criminals is rising. Especially since there is a possibility of blackmailing the said organization by the publication of this information.
Since 2019, there has been a new phase of attacks on the ransom program. Indeed, hackers are no longer content to encrypt access to the computer network. Apparently, this process no longer pays. They steal information, as much information as possible. And then it's blackmail, as we mentioned earlier. It is believed that this approach has its source in the fact that companies have begun to make backups of information. That way, when the access was encrypted and they were simply restoring all the systems.
So the new process is to blackmail companies after recovering as much information as possible. Some groups of hackers go further. Create websites, where they will publish information of their victims history to motivate them to pay the required amount. In this way, hackers promise data not only the decryption keys but also remove the information that is in their possession.
In this regard, the security company, Coveware, in its report warned companies: "Unlike trading for a decryption key, negotiation for the removal of stolen data has no end." "Once a victim receives a decryption key, it cannot be removed and it does not degrade over time. For stolen data, the attacker may return for a second payment at any time in the future. ».
Therefore, Coveware recommends that companies always consider that their data has not been erased by cyber criminals regardless of the situation. In this way, they must take appropriate action in this situation and prepare for the worst consequences. It is important to notify all people whose information has been exposed in this kind of problem. Especially when you know that most of the information that is stolen in these kinds of circumstances is data related to the finances or the very identity of the individuals. Companies will often use the pretext of paying the ransom to cyber criminals for not informing individuals directly affected by these information thefts.
Now access an unlimited number of passwords: